Developing an Identity Management Strategy
|
|
- Gwen Norman
- 8 years ago
- Views:
Transcription
1 <Insert Picture Here> Developing an Identity Management Strategy Yvonne Wilson Technical Director Identity Management Oracle On Demand Risk Management, Oracle Corporation. Copyright 2011 Yvonne Wilson,Oracle Corporation
2 Agenda The Problem What NOT to do How to engage the business Identify the impact of business initiatives on Identity Develop Functional Strategy Develop Technical Strategy Conduct Assessment Prioritization Solutioning Funding Copyright 2011 Yvonne Wilson,Oracle Corporation
3 Identity Management A Perfect Storm More applications More accounts to provision and track More usernames and passwords More phishing/malware Less control over user devices More use of hosted and cloud-based services More internet exposure for applications Rising levels of fraud Increasing requirements for compliance/regulation Where to BEGIN? Image transferred from en.wikipedia.org The Storm on the Sea of Galilea Date=1632 Author=Rembrandt van Rijn Permission=loth
4 What NOT to do You should talk to The Business but don t: Overwhelm with Identity Mgmt jargon What are your current identity mgmt needs? <Insert Picture Here> You ll get tactical issues you can t solve in time Please rank the priority of the following? The business has no idea what these are SPML Provisioning? Dual Factor Authentication? Federated Single Sign On? Role Model analytics? What should we focus on in 2-3 years? Avoid security fear-mongering
5 Identity Management is like the wheel on a car The car won t get very far without the wheel The business Identity Mgmt But the wheel by itself isn t terribly useful. The wheel s purpose in life is to help the car reach its destination Image from wikimedia commons US public domain
6 Identify Business Trends and talk to the business about them Examples (pick what applies to your business) Social Networking Mob discounts (e.g. groupon etc) Cloud Computing Mobile computing (mobile access, search, location-based ) Leveraged business models/partnerships (supply chain, etc) IPv6 The storing and mining of Big data Virtualization. Of everything The need to go green Increasing legislation and regulation (Privacy, SOX ) Tough economy <Insert Picture Here> The list doesn t have to be perfect just enough to start the discussion Inspiration EAEC Article by Toyota (resource #1)
7 What to do Ask the business about business trends. E.g. What are the top business initiatives in your org? What IT changes are needed to support them? What Mobile platforms do you need to support? How do you want to use Social Networking? <Insert Picture Here> What Cloud Computing services are you considering? Are you working on collaborations with any partners? Are you opening self-service systems to customers? Do you need connections to customers/partners for anything? Ask for explanations/details for each of the above
8 Business Trend Identity Impact Map Business Trend IT Impact Identity Mgmt Impact Increased outsourcing, use of cloud services Increased use of more powerful handheld devices Leveraging business partners The social enterprise Virtualization & Middleware Business using applications outside IT control Application access over insecure networks New categories of users New access routes Blending of work and personal Identity More admin accounts Provisioning Challenge Password Proliferation Password exposure Loss of compliance info Password exposure Strong Authentication challenge Deprovisioning challenges Login Authorization Persistent Identifiers Lack of account control Shared account mgmt Password rotation challenges Translate business trends to their impact on identity mgmt
9 Ask About IDM-related Pain Points too SSO and Identity Federation Are your users overwhelmed with too many usernames or passwords? Are your helpdesk costs too high for account setup and password resets? Would you like single sign on across domains, such as to cloud services? Provisioning Do you need better control over account provisioning? Does onboarding of users take longer than it should? Do you need faster or more automated approval of user accounts? Does deprovisioning for terminated employees need to be more timely? Do you need better visibility into who has what kind of access across applications? Is it getting costly to manually produce compliance reports? Strong Authentication Are you concerned that user login credentials might be phished or stolen? Do you want a risk-based approach to stronger authentication (not a one-sizefits-all model)?
10 Ask About IDM-related Pain Points too Role Analytics, Segregation of Duties and Attestation Do you know the definition of every role in your apps and what they allow? Is your org struggling to track the roles you use in a big excel spreadsheet? Are you suffering from role proliferation? Are you challenged with tracking attestation efforts in s and spreadsheets? Are you confident that you have effective segregation of duties so that a given person doesn t have too much access, such as the role to create invoices and the role to approve them?
11 Functional Strategy For each impact/pain point identified Categorize it (my categories below) Provisioning Authentication Authorization Self Service Audit/Compliance For each category Identify starting/current state Identify best practices / target state <Insert Picture Here> Have a parking lot for flying cars ideas (avoid distraction) Review Functional Strategy with business stakeholders Build a shared vision of target state
12 Functional Strategy (example) Area OriginalState Target State Provisioning Authentication Authorization Who gives out keys to kingdom? Lengthy manual provisioning Scattered approvals Many usernames & passwords Many usernames/passwords Many logins every day Static password & OTP device Poor support for handhelds Decentralized local in apps Scattered audit trail of grants Spotty updates for job changes All approvers are known Fast, centralized provisioning Authenticated, logged approvals governed by automated workflows Single username and password Single username/password Single Sign On Choice of strong authn solutions Strong authn solution for handhelds Centralized grants of roles Authentication & log of approvals Access updated upon internal transfer Reviewed with business stakeholders sanity check, judge interest
13 Functional Strategy (example) Area Original State Target State Self Service Compliance Data Center Forgotten password = helpdesk cost Users call around to request accounts from different app owners Admin created Bob s account How many know Admin password? Who was user 53782? What can role Manager do? Costly manual compliance reporting Attestation managed in Excel & Local accounts on each server Roles for pre-vm/partner world Shared account pw not rotated Command logging for some systems Self-service password reset (cheap) One place to make Self-service account/role request Named user approved Bob s account We know who has Admin privilege ID-to-person mapping forever Reports show Manager role privileges Automated compliance reporting Delegation workflows for attestation Accounts in scalable directory Updated role model accomodates partners, virtual machines etc Password mgmt for all shared accts Command logging for all systems
14 Identity Management Target State (Example) Provisioning / Reconciliation / Attestation Automate, authenticate and log all account/privilege requests and approvals Provide adequate context to approvers so they can make informed decisions Automate de-provisioning upon job termination or internal transfer Implement reconciliation to identity local/rogue accounts created outside IDM system Implement Segregation Of Duties to limit each individual person s access appropriately Conduct periodic account/privilege reviews and have owners attest the access is ok Eliminate/prevent local/manual accounts (not governed by IDM infrastructure) Use named accounts wherever possible (minimize use of generic accounts) Self Service Self-service profile update for profile information not used by security decisions Self-service forgotten password reset with previously registered security questions One place to go to reset password (not done individually in a lot of applications) Password Management Use Single Sign-On to reduce number and location of passwords Periodic password expiry for all accounts Use of a Password Manager wherever generic accounts are needed Enforce password standards at time of set/reset
15 Identity Management Target State (Example) Authentication Use single sign on to centralize authentication policy and credential validation Use strong authentication for higher risk environments (internet access, administration) Provide a choice of strong authentication if possible (no single perfect solution) Use Federation where cross-domain single sign-on is needed (outsourcing/cloud) to minimize exposure of SSO credential and control strong authentication mechanism Leverage context info (device fingerprint, location, time of day etc) for security decisions Access Control Ensure data integrity of data used for access control decisions (it is current, approved) Centralize policy decisions where applications allow such externalization Track roles in use, their definition, where used, who grants them, who has them A person s access and privileges are reviewed/updated upon job transfer within the org Logging Log activity to capture who did what when, and the data used for the policy decision Log unique identifiers that forever resolve to a specific person, even as time passes Retain a repository of identifiers that has info even on users who ve left the company Implement tamper-evident log files Provide visibility and reporting to facilitate periodic & anomaly-based reporting of access and ensure use by those who know what to look for
16 Identity Management Target State (Example) Compliance There is visibility of what accounts and access a specific person has or had There is visibility of who has or had a particular type of access at any point in time There is visibility of when accounts and privileges started and stopped There is visibility of who approved every account or role that requires approval All provisioning of roles/access is governed by Segregation of Duties check so one individual person doesn t have too much access. Reports can be automatically generated to produce most of what is needed for compliance Architecture There is a recognized, authoritative source for each type of user, each profile attribute For employees it is usually an HR system (some info, such as cellphone # might be self-service maintained) For customer users it is usually a self-registration system on a customer portal For partner users it varies some are self registered, some are in a contractor database, some are treated like employees and enterer into HR. Security decisions use trusted identity information from authoritative sources Separate administrative access and access to business data where possible All repositories of identity and access information are protected with security best practices You can t do this all at once that s ok. Make steady progress.
17 Technical Strategy For each category identified Identify steps to achieve target state Identify dependencies Identify foundational elements These enable many projects-prioritize them first Ensure interim steps deliver some benefit <Insert Picture Here> May need separate strategies for different environments Internal, employee-facing environment External, customer-facing environment Data center Review resulting Technical Strategy with business Explain benefits in context of Functional Strategy Different constituency for each
18 Technical Strategy (Example) Highlighted items are foundational/core elements Area Near Term (yr 1) Midterm (yr 2) Long term (yr 3) Provisioning Deploy provisioning tool Integrate HR as source Integrate corp directory Integrate SOX apps Integrate HR apps Integrate data center Integrate other apps Authentication Deploy WW directory Deploy Single signon Integrate SOX apps Strong authn pilots Integrate HR apps Integrate Datacenter Deploy federation Strong AuthN within HR Integrate other apps Federation for cloud services Two+ strong authn solutions Authorization Role model design Role Request workflow Role Provisioning SOD Integration Deploy Role Analytics Automate attestation This gives you a high level project roadmap
19 Technical Strategy (Example) Highlighted items are foundational/core elements Area Near Term (yr 1) Midterm (yr 2) Long term (yr 3) Self Service Provisioning tool allows profile updates, password updates for employees Provisioning tool allows self-service registration for partners, customers Support for role requests Custom workflows for other types of resources Compliance Identify reporting needed Ensure adequate audit log levels/info Automate compliance reporting SOX apps Integrate compliance reporting HR apps Data Center Account/role cleanup LDAP replaces NIS LDAP integration OS level authentication Password manager for OS shared accounts SSO integration for web console tools Provisioning Integration Use attestation tools Modify as needed for your organization s state and needs
20 Assessment Good for identifying tactical issues Create inventory of applications/systems Highlight those critical to identity mgmt Focus on systems which control accts/access Conduct assessment of current capability / gaps Use a clear scoring rubric reduce subjectivity <Insert Picture Here> Include a notes area for respondents to comment/clarify Interview respondents if possible for best understanding Track context/scope for each response if appropriate Analysis tools to slice and dice data helpful
21 Scorecard Assessment (Example) Identity Area Clear Scoring Rubric Notes Account Provisioning Authentication Application Integration 5=All accts, roles centrally provisioned, reconciled 4=All accts, roles centrally provisioned 3=Internal accts provisioned, roles local in applications 2=Some accts centrally provisioned, some local 1=No central provisioning, all accounts local 5=Federated Single Sign On 4=Single Sign On with strong authentication 3= Single Sign On, static password 2=LDAP directory authentication, static password 1=Local username, local static password 5=Most applications integrated with SSO 4=HR applications integrated with SSO 3=SOX applications integrated with SSO 2=most applications integrated with directory 1=Few applications integrated with directory or SSO Inspired by assessment from Information Security Forum securityforum.org (#2) Include items to assess against your target state e.g. slides in my example
22 Prioritization Make a master list of initiatives Strategic projects strategy team Tactical/mitigation projects sec ops Data center projects data center team <Insert Picture Here> Each security team allocated X points across initiatives Variation of 100 points prioritization scheme Voting informed by assessment results Informed also by dependencies, foundational elements Team leads met to synthesize results across teams Result: Master list of ranked priorities Fed tactical items back into strategic/technical roadmaps
23 Prioritization by Business Initiatives? Business Initiative Make Money 1 Increase Market Share 2 Supply chain partnership 3 Web-enabled customer portal Rank 4 A scheme I will try next time includes biz initiative ranking in prioritization See resource #5 Project Initiatives Supported Avg of Rank Supported (low wins) Provisioning 1,3 2 = [(1+3)/2] Data Retention 1,3 2 = [(1+3)/2] New log mgmt system none n/a Implement SSO 1,2,3,4 2.5 = [( )/4
24 Solutioning For each item prioritized Research potential solutions Evaluate against requirements Conduct POCs/Trials as needed Involve business stakeholders in POC, trials Keep the discussion going If the business says a solution is horrible, keep looking <Insert Picture Here>
25 Funding Identify owners of projects enabled by initiatives Should be same stakeholders as before Go over initiative, benefits to their projects Key: <Insert Picture Here> Timing several months before annual budget cycle Early discussion of business initiatives Explanation of how strategy supports business initiatives Involvement in product reviews, pilots skin in the game Several discussions before the ask Goal: Business teams include our projects in their roadmap Business teams fund our initiatives
26 Questions? <Insert Picture Here>
27 Resources 1. Enterprise Architecture Executive Council 2. Assessment Information Security Forum used their security assessment 3. Description of several prioritization methods 4. Prioritization as in Capital Allocation Problem 5. Priority Modeling based on Business Initiatives
28 Oracle Identity Management Products Identity Administration Identity Manager Identity & Access Governance Access Management* Access Manager Adaptive Access Manager Enterprise Single Sign-On Identity Federation Entitlements Server Identity Analytics Directory Services Directory Server EE Internet Directory Virtual Directory Oracle Platform Security Services Operational Manageability Management Pack For Identity Management *Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet
29 Recommendations Early projects Directory service deployment (technology, DIT design, governance model, usage policy) (avg 6 mo) Virtual/Meta directory if you have many directories or repositories of identity info Addressing namespace overlap across directories/domains/environments Single sign on (focus on critical apps first SOX, HR, Legal, PI etc) Benefits: User convenience, Static password credential only exposed to single place, Single place to quickly shut off access, Central log of authentication activity, Single place to implement other services such as strong authentication and federation Deploying SSO avg 6 mo, Apps avg 2-3 months per app
30 Recommendations Second projects Provisioning Focus on employee community first use HR as a source Probably need to include internal partners (consultants etc) find best source clean up data, process to ensure integrity Automatic workflows to apps everybody gets efficiency Approval workflows for apps requiring approval for access Default is two approvals manager and resource owner Can show ROI from automating compliance reporting and reducing help desk costs with self-service features Single place to control roles/privileges Reconciliation features can find local/rogue accounts Break this deployment into several steps
31 Recommendations Second projects (Continued) Federation Good if you have outsourced/cloud apps (or many domains) Puts you in control of authentication (and ability to add strong authentication, and what form) Avg 3 months per federation if other side experienced Avg 6 months per federation if first time for either side Strong Authentication Good if you have internet-facing apps There isn t really one perfect solution for all users, devices Plan for two if you can afford it. Don t ignore mobile/handheld devices your users use them Timeframe varies widely by type of solution (6 mo to 1+ yrs) Shortest server side device fingerprinting, longest - certs
32 Recommendations Third Wave Segregation of Duties Incorporate SOD checks into your provisioning workflows (as opposed to just periodic checks) so violations are never provisioned. Attestation Use a provisioning or identity analytics tool to manage the periodic inventory of accounts better than a lot of spreadsheets Identity Analytics If you think your accounts/privileges are really out of control, you might consider deploying this early on to help with the analysis and cleanup. Otherwise, these can be useful to analyze and streamline/refine role models and access.
33
34
<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More informationIdentity Governance Evolution
Identity Governance Evolution Paola Marino Principal Sales Consultant Agenda Oracle Identity Governance Innovation Cloud Scenarios enabled by Oracle Identity Platform Agenda Oracle
More informationIDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach
IDENTITY MANAGEMENT AND WEB SECURITY A Customer s Pragmatic Approach AGENDA What is Identity Management (IDM) or Identity and Access Management (IAM)? Benefits of IDM IDM Best Practices Challenges to Implement
More informationThe Unique Alternative to the Big Four. Identity and Access Management
The Unique Alternative to the Big Four Identity and Access Management Agenda Introductions Identity and Access Management (I&AM) Overview Benefits of I&AM I&AM Best Practices I&AM Market Place Closing
More informationKey New Capabilities Complete, Open, Integrated. Oracle Identity Analytics 11g: Identity Intelligence and Governance
Key New Capabilities Complete, Open, Integrated Oracle Analytics 11g: Intelligence and Governance Paola Marino Principal Sales Consultant, Management Agenda Drivers Oracle Analytics
More informationOracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com
R2 Oracle Privileged Account Manager 11gR2 Karsten Müller-Corbach karsten.mueller-corbach@oracle.com The following is intended to outline our general product direction. It is intended for information purposes
More information1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges
1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda Business challenges
More informationSecurity management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.
Security management White paper Develop effective user management to demonstrate compliance efforts and achieve business value. September 2008 2 Contents 2 Overview 3 Understand the challenges of user
More informationIdentity Management Basics. OWASP May 9, 2007. The OWASP Foundation. Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com. http://www.owasp.
Identity Management Basics Derek Browne, CISSP, ISSAP Derek.Browne@Emergis.com May 9, 2007 Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationEnterprise Identity Management Reference Architecture
Enterprise Identity Management Reference Architecture Umut Ceyhan Principal Sales Consultant, IDM SEE Agenda Introduction Virtualization Access Management Provisioning Demo Architecture
More informationSun and Oracle: Joining Forces in Identity Management
Sun and Oracle: Joining Forces in Identity Management The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
More informationTrust but Verify: Best Practices for Monitoring Privileged Users
Trust but Verify: Best Practices for Monitoring Privileged Users Olaf Stullich, Product Manager (olaf.stullich@oracle.com) Arun Theebaprakasam, Development Manager Chirag Andani, Vice President, Identity
More informationHow to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions
How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options
More informationTake Control of Identities & Data Loss. Vipul Kumra
Take Control of Identities & Data Loss Vipul Kumra Security Risks - Results Whom you should fear the most when it comes to securing your environment? 4. 3. 2. 1. Hackers / script kiddies Insiders Ex-employees
More informationBusiness and Process Requirements Business Requirements mapped to downstream Process Requirements. IAM UC Davis
Business and Process Requirements Business Requirements mapped to downstream Process Requirements IAM UC Davis IAM-REQ-1 Authorization Capabilities The system shall enable authorization capabilities that
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationA HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD
A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD By Gail Coury, Vice President, Risk Management, Oracle Managed Cloud Services 2014 W W W. OU T S O U R C IN G - CEN T E R. C O M Outsourcing
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationIdentity and Access Management (IAM)
Identity and Access Management (IAM) Emerging risks a look beyond compliance October 2013 Page 0 Agenda Why we have to think about IAM differently 2 Emerging IAM solution options 8 Solution deployment
More informationAlex Wong Senior Manager - Product Management Bruce Ong Director - Product Management
Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release
More informationKenneth Hee Director, Business Development Security & Identity Management. Oracle Identity Management 11g R2 Securing The New Digital Experience
Kenneth Hee Director, Business Development Security & Identity Management Oracle Identity Management 11g R2 Securing The New Digital Experience This document is for informational purposes. It is not a
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA 94107. info@okta.
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More information<Insert Picture Here> Integrating your On-Premise Applications with Cloud Applications
Integrating your On-Premise Applications with Cloud Applications Agenda Hybrid IT Infrastructure An Emerging Trend A New Set of Challenges The Five Keys to Overcoming the Challenges
More informationIdentity Management Overview. Bill Nelson bill.nelson@gca.net Vice President of Professional Services
Identity Management Overview Bill Nelson bill.nelson@gca.net Vice President of Professional Services 1 Agenda Common Identity-related Requests Business Drivers for Identity Management Account (Identity)
More informationAutomated User Provisioning
Automated User Provisioning NOMINATING CATEGORY: ENTERPRISE IT MANAGEMENT INITIATIVES NOMINATOR: TONY ENCINIAS, CHIEF TECHNOLOGY OFFICER COMMONWEALTH OF PENNSYLVANIA 1 TECHNOLOGY PARK HARRISBURG, PA 17110
More informationsolution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationGoogle Apps Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate
More informationOracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010
Oracle Platform Security Services & Authorization Policy Manager Vinay Shukla July 2010 The following is intended to outline our general product direction. It is intended for information purposes only,
More informationSTATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses
STATE OF NEW YORK IT Transformation Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses June 8, 2012 Appendix B Consolidated Vendor Questions with
More informationIdentity and Access Management Point of View
Identity and Access Management Point of View Agenda What is Identity and Access Management (IAM)? Business Drivers and Challenges Compliance and Business Benefits IAM Solution Framework IAM Implementation
More informationAdvanced Configuration Steps
Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings
More informationB2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value
B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value IDM, 12 th November 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All
More informationmanaging SSO with shared credentials
managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout
More informationCentralized Oracle Database Authentication and Authorization in a Directory
Centralized Oracle Database Authentication and Authorization in a Directory Paul Sullivan Paul.J.Sullivan@oracle.com Principal Security Consultant Kevin Moulton Kevin.moulton@oracle.com Senior Manager,
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More informationIdentity Management with midpoint. Radovan Semančík FOSDEM, January 2016
Management with midpoint Radovan Semančík FOSDEM, January 2016 Radovan Semančík Current: Software Architect at Evolveum Architect of Evolveum midpoint Contributor to ConnId and Apache Directory API Past:
More informationIntroductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management
Introductions KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management Agenda 1. Introduction 2. What is Cloud Computing? 3. The Identity Management
More informationIdentity and Access Management. An Introduction to IAM
Identity and Access Management An Introduction to IAM Table of contents Introduction... 3 What is Identity and Access Management?... 3 Identity and Access Management components... 3 Business drivers for
More informationIdentity & Access Management new complex so don t start?
IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach
More informationWhen millions need access: Identity management in an increasingly connected world
IBM Software Thought Leadership White Paper January 2011 When millions need access: Identity management in an increasingly connected world Best practice solutions that scale to meet today s huge numbers
More informationIBM Security Systems Division
IBM Security Systems Division Identitetshanterings id access management i ett Enterprise Network November 2012 Sven-Erik Vestergaard Nordic Security Architect Certified IT Specialist IBM software group
More informationExtending Identity and Access Management
Extending Identity and Access Management Michael Quirin Sales Engineer Citrix Systems 1 2006 Citrix Systems, Inc. All rights reserved. Company Overview Leader in Access Infrastructure NASDAQ 100 and S&P
More informationStrategic Identity Management for Industrial Control Systems
Strategic Identity Management for Industrial Control Systems Justin Harvey Encari ICSJWG 2010 Spring Conference Ground Rules Sticking to vendor neutral Questions Welcome Email me for a copy of the deck:
More informationPCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com
PCI DSS Compliance: The Importance of Privileged Management Marco Zhang marco_zhang@dell.com What is a privileged account? 2 Lots of privileged accounts Network Devices Databases Servers Mainframes Applications
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationSOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio
SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY Identity-centric Security: The ca Securecenter Portfolio How can you leverage the benefits of cloud, mobile, and social media, while protecting
More informationCayosoft Administrator. Modern Administration. Cayosoft.com. Unify, Simplify and Secure Microsoft Administration. Features at a Glance
Active Directory & Office 365 Administration has Never Been Easier! Microsoft Active Directory (AD) is at the center of most enterprise strategies for granting users and groups the correct access to resources
More informationIntegrated Identity and Access Management Architectural Patterns
Redpaper Axel Buecker Dwijen Bhatt Daniel Craun Dr. Jayashree Ramanathan Neil Readshaw Govindaraj Sampathkumar Integrated Identity and Access Management Architectural Patterns Customers implement an integrated
More informationPROTECT YOUR WORLD. Identity Management Solutions and Services
PROTECT YOUR WORLD Identity Management Solutions and Services Discussion Points Security and Compliance Challenges Identity Management Architecture CSC Identity Management Offerings Lessons Learned and
More informationDirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet
Technical Data Sheet DirX Identity V8.5 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service
More informationSecurity It s an ecosystem thing
Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment
More information1 Introduction to Identity Management. 2 Identity and Access Needs are Ever-Changing
1 Introduction to Identity Management Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications An overview of business drivers and technology solutions. 2 Identity and Access Needs
More informationWeb Applications Access Control Single Sign On
Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,
More informationHow to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment
WHITEPAPER How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment www.onelogin.com 150 Spear Street, Suite 1400, San Francisco, CA 94105 855.426.7272 EXECUTIVE SUMMARY
More informationProvisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1
Item Count Provisioning/Deprovisioning Automated Deprovisioning 1 Automated on/off boarding from an authoritative source AUTOMATED [DE-]PROVISIONING 1 Removal of resources at the appropriate time 1 Timeliness
More informationAVG Business Secure Sign On Active Directory Quick Start Guide
AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and
More informationHow To Manage A Plethora Of Identities In A Cloud System (Saas)
TECHNICAL WHITE PAPER Intel Cloud SSO How Intel Cloud SSO Works Just as security professionals have done for ages, we must continue to evolve our processes, methods, and techniques in light of the opportunities
More informationCSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO
CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO 2009 by Lieberman Software Corporation. Rev 20090921a Identity Management Definitions
More informationOracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success
Oracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success Manvendra Kumar AST Corporation, IL Scott Brinker College of American Pathologist, IL August
More informationOverview of Microsoft Enterprise Mobility Suite (EMS) Cloud University
Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1
More informationEnterprise Management Solutions Protection Profiles
Enterprise Management Solutions Protection Profiles Eric Winterton, Booz Allen Hamilton Joshua Brickman, CA Inc. September 2008 Copyright 2008 CA, Inc. and Booz Allen Hamilton. All rights reserved. All
More informationOracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
More informationsolution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management
solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management Several trends have recently emerged to ignite the requirement for enterprise guest management. One is
More informationTHE MOBlLE APP. REVOLUTlON. 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD
THE MOBlLE APP REVOLUTlON 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD People use hand-held devices for everything from communicating and playing games to shopping and surfing the Internet. In fact,
More informationDirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet
Technical Data Sheet DirX Identity V8.4 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service
More informationRSA Identity Management & Governance (Aveksa)
RSA Identity Management & Governance (Aveksa) 1 RSA IAM Enabling trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity
More informationUbisecure. White Paper Series. e-service Maturity Model
Ubisecure White Paper Series e-service Maturity Model 2 e-service Maturity Model What we ve seen when we ve been dealing with the extranets and e-services, where companies can offer always available, easy-to-use
More informationAuthentication: Password Madness
Authentication: Password Madness MSIT 458: Information Security Group Presentation The Locals Password Resets United Airlines = 83,000 employees Over 13,000 password reset requests each month through the
More informationIDENTITY & ACCESS MANAGEMENT
Securely Enabling Your Business IDENTITY & ACCESS MANAGEMENT Customer Solution Case Study FishNet Security Helps Hotelier Prepare for Rapid Move to Cloud with New Identity Management Solution Achieving
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationIdentity & Access Management: Strategic Roadmap. April 2013
Identity & Access Management: Strategic Roadmap April 2013 What is IAM? Identity & Access Management is the set of policies, process, and technologies used to manage digital identities and their access
More informationDirectory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107
Okta White paper Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-dint-053013 Table of Contents
More informationOracle Identity Governance - Complete Identity Lifecycle Management
Oracle Identity Governance - Complete Identity Lifecycle Management M.Sc.Eng. Mārtiņš Orinskis, DPA Ltd lead project manager 07.11.2013 About me M.Sc.Eng. Mārtiņš Orinskis DPA Ltd lead project manager
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationCentrify Cloud Connector Deployment Guide
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
More informationOracle Mobile Security Suite. René Klomp 6 mei 2014
Oracle Mobile Security Suite René Klomp 6 mei 2014 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be
More informationCA Single Sign-On Migration Guide
CA Single Sign-On Migration Guide Web access management (WAM) systems have been a part of enterprises for decades. It is critical to control access and audit applications while reducing the friction for
More informationGovernance, Risk & Compliance for Public Sector
Governance, Risk & Compliance for Public Sector Steve Hagner EMEA GRC Solution Sales From egovernment to Oracle igovernment Increase Efficiency and Transparency Oracle igovernment
More informationGabriel Magariño. Software Engineer. gabriel.magarino@gmail.com. www.javapassion.com/idm. Overview Revisited
Gabriel Magariño Software Engineer gabriel.magarino@gmail.com www.javapassion.com/idm Overview Revisited Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus
More informationIdentity Management: Securing Information in the HIPAA Environment
Identity Management: Securing Information in the HIPAA Environment Mark Dixon Chief Identity Officer North American Software Line of Business Sun Microsystems 1 Agenda Challenges we Face Identity and Access
More informationOracleAS Identity Management Solving Real World Problems
OracleAS Identity Management Solving Real World Problems Web applications are great... Inexpensive development Rapid deployment Access from anywhere BUT. but they can be an administrative and usability
More informationIntroduction to Identity and Access Management for the engineers. Radovan Semančík April 2014
Introduction to Identity and Access Management for the engineers Radovan Semančík April 2014 How it works now? Manager Admin Login Users Login Admin Login Login Login Theory Manager Admin Forgot password
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationWHITEPAPER. Identity Access Management: Beyond Convenience
WHITEPAPER Identity Access Management: Beyond Convenience INTRODUCTION Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are
More informationDell World Software User Forum 2013
Dell World Software User Forum 2013 December 9-12 Austin, TX SaaS Mobile Management Overview of Cloud Client Manager and integration with KACE K1000 Introducing Dell Enterprise Mobility Management Your
More informationIdentity & Access Management in the Cloud: Fewer passwords, more productivity
WHITE PAPER Strategic Marketing Services Identity & Access Management in the Cloud: Fewer passwords, more productivity Cloud services are a natural for small and midsize businesses, with their ability
More informationSofterra Adaxes Enterprise Directory Solution
Identity and Active Directory Management Softerra Adaxes Enterprise Directory Solution Product Profile make the complex simple Copyright Copyright Softerra, Ltd. Softerra, All rights Ltd. reserved. All
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationIdentity and Access Management: The Promise and the Payoff
0 Identity and Access Management: The Promise and the Payoff How An Identity and Access Management Solution Can Generate Triple-digit ROI Netegrity White Paper June 18, 2003 Page 1 Identity and Access
More informationidentity management in Linux and UNIX environments
Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual
More informationMade for MSPs by an MSP
Made for MSPs by an MSP features & Pricing Guide THE END OF STICKY NOTE SECURITY www.passportalmsp.com lower costs improve security increase sales A cloud-based identity and password management solution
More informationADSelfService Plus Client Software Installation Guide
ADSelfService Plus Client Software Installation Guide ( I n s t a l l a t io n t h r o u g h A DS e l f S e r v ic e P l u s w e b p o r t a l a n d M a n u a l I n s t a l l a t io n ) 1 Table of Contents
More informationIdentity Management and Single Sign-On
Delivering Oracle Success Identity Management and Single Sign-On Al Lopez RMOUG Training Days February 2012 About DBAK Oracle Solution Provider and License Reseller Core Technology and EBS Applications
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES
pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon
More informationSaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology
SaaS at Pfizer Challenges, Solutions, Recommendations Agenda How are Cloud and SaaS different in practice? What does Pfizer s SaaS footprint look like? Identity is the Issue: Federation (SSO) and Provisioning/De-provisioning
More informationQuest One Identity Solution. Simplifying Identity and Access Management
Quest One Identity Solution Simplifying Identity and Access Management Identity and Access Management Challenges Operational Efficiency Security Compliance Too many identities, passwords, roles, directories,
More informationVermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0
Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision
More information